Forum Discussion

Carlos_Garibay_'s avatar
Carlos_Garibay_
Icon for Nimbostratus rankNimbostratus
Jan 08, 2016

SSL Certificate

Hello,

I have created a CSR and has been signed by a third party vendor. I followed the instructions from the F5 documentations and have installed the first part of the Cert. Where I'm lost is in importing the the ssl private key. Where do I locate the private key to import?

Do I created before hand on the BIG-IP?

Importing an SSL private key

Impact of procedure: Performing the following procedures should not have a negative impact on your system.

Log in to the Configuration utility.
Navigate to System > File Management > SSL Certificates List.
Click Import.
From the Import Type list, select Key.
In the Key Name section, click Create New.
In the Key Name box, type a unique name for the key.
In the Key Source section, click either Upload File or Paste Text.
Click Import.



Thanks
Carlos

5 Replies

  • Hey,

     

    Have another look at the SSL Certificates and Keys list. When you first generate a CSR (Create a new certificate on F5), your matching private key will be generated and imported automatically.

     

  • ok I found it thanks, now how do set to use that cert versus the default cert? So when users go to webtop its using the correct cert?

     

    Thanks Carlos

     

    • Hannes_Rapp's avatar
      Hannes_Rapp
      Icon for Nimbostratus rankNimbostratus
      This SOL could be interesting for you - https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14783.html Create a new (custom) clientssl profile where you specify 1) Cert 2) Key 3) Chain (Cert of the authority intermediary who signed your CSR, i.e. DigiCert CA). For Chain, import the Intermediary CA as any other regular Certificate. Before doing so, make sure you have the correct type of Intermediary CA which matches your certificate Issuer Name 1 to 1; you may run into issues if you use incorrect type. If unsure, ask for the correct Intermediary CA Certificate from the same person who sent you the Signed Public Certificate. When you're finished with the creation of your custom clientssl profile, go back to Virtual Server settings, and apply it as `clientssl profile`; click Update. Done! It's never a bad idea to finalize certificate updates by validatating with your favourite online SSL checker, i.e. www.digicert.com/help It will let you know if the certificate is correctly installed.
  • Hello Hannes

     

    The article gave me the answer. Thank you for assisting.

     

    Thanks Carlos